MANILA, Philippines – Password manager LastPass announced on their company blog on Monday, June 15 (June 16, Manila time) that it was hacked.
While the passwords you have saved on other sites should remain safe, LastPass did urge users to change their master password and enable two-factor authentication on the service.
The company’s security notice explained that in the company’s investigation, there was “no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”
It added, however, that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
The security notice further said that “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.” LastPass will also email everyone about the security incident. (READ: Personal password management with KeePass and LastPass)
Users can visit this link to update their passwords. They can also enable multifactor authentication through a number of different services via this link to increase the protection on LastPass accounts. – Rappler.com